Support signing of RADIUS response messages
parent
2bf3858955
commit
392618d4ec
|
@ -279,14 +279,21 @@ METHOD(radius_message_t, add, void,
|
|||
}
|
||||
|
||||
METHOD(radius_message_t, sign, void,
|
||||
private_radius_message_t *this, rng_t *rng, signer_t *signer,
|
||||
hasher_t *hasher, chunk_t secret)
|
||||
private_radius_message_t *this, u_int8_t *req_auth, chunk_t secret,
|
||||
hasher_t *hasher, signer_t *signer, rng_t *rng)
|
||||
{
|
||||
if (this->msg->code == RMC_ACCOUNTING_REQUEST)
|
||||
if (rng == NULL)
|
||||
{
|
||||
chunk_t msg;
|
||||
|
||||
memset(this->msg->authenticator, 0, sizeof(this->msg->authenticator));
|
||||
if (req_auth)
|
||||
{
|
||||
memcpy(this->msg->authenticator, req_auth, HASH_SIZE_MD5);
|
||||
}
|
||||
else
|
||||
{
|
||||
memset(this->msg->authenticator, 0, sizeof(this->msg->authenticator));
|
||||
}
|
||||
msg = chunk_create((u_char*)this->msg, ntohs(this->msg->length));
|
||||
hasher->get_hash(hasher, msg, NULL);
|
||||
hasher->get_hash(hasher, secret, this->msg->authenticator);
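Review bot: The signing mode is now inferred from `rng == NULL`, so a message signed with `req_auth` (a response) takes the same branch as an Accounting-Request and, going by the updated header comment ("NULL to omit"), never carries a Message-Authenticator. A response protected only by the MD5(packet + secret) Authenticator field is weaker than one that also has the HMAC-MD5 attribute, and RFC 3579 requires that attribute on any packet carrying an EAP-Message. Consider a separate flag rather than overloading `rng`, or at least a comment on the branch such as `/* rng == NULL: Response-/Accounting-Authenticator only, no Message-Authenticator */`; the call in `radius_socket_t.request` relies on the same convention. The `memcpy` also trusts `req_auth` to hold `HASH_SIZE_MD5` bytes while the `memset` uses `sizeof(this->msg->authenticator)`, so one size expression for both would keep them from drifting. The rest of `sign`, including the non-NULL `rng` path, lies outside the hunk, so this is inferred from the visible branch only.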
|
||||
|
|
|
@ -242,21 +242,22 @@ struct radius_message_t {
|
|||
/**
|
||||
* Calculate and add the Message-Authenticator attribute to the message.
|
||||
*
|
||||
* @param rng RNG to create Request-Authenticator
|
||||
* @param req_auth 16 byte Authenticator of request, or NULL
|
||||
* @param secret shared RADIUS secret
|
||||
* @param signer HMAC-MD5 signer with secret set
|
||||
* @param hasher MD5 hasher
|
||||
* @param secret shared RADIUS secret
|
||||
* @param rng RNG to create Message-Authenticator, NULL to omit
|
||||
*/
|
||||
void (*sign)(radius_message_t *this, rng_t *rng, signer_t *signer,
|
||||
hasher_t *hasher, chunk_t secret);
|
||||
void (*sign)(radius_message_t *this, u_int8_t *req_auth, chunk_t secret,
|
||||
hasher_t *hasher, signer_t *signer, rng_t *rng);
|
||||
|
||||
/**
|
||||
* Verify the integrity of a received RADIUS message.
|
||||
*
|
||||
* @param req_auth 16 byte Authenticator of request, or NULL
|
||||
* @param secret shared RADIUS secret
|
||||
* @param hasher hasher to verify Response-Authenticator
|
||||
* @param signer signer to verify Message-Authenticator attribute
|
||||
* @param signer HMAC-MD5 signer with secret set
|
||||
* @param hasher MD5 hasher
|
||||
*/
|
||||
bool (*verify)(radius_message_t *this, u_int8_t *req_auth, chunk_t secret,
|
||||
hasher_t *hasher, signer_t *signer);
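Review bot: The new `@param rng` text says the RNG creates the Message-Authenticator, but the line it replaces said Request-Authenticator, and the HMAC-MD5 attribute would presumably come from `signer`; the comment also does not say what `sign` writes when `rng` is NULL. Suggested wording: `@param rng RNG to create Request-Authenticator and add Message-Authenticator; NULL to hash req_auth (or zeros) and secret into the Authenticator and omit Message-Authenticator`. The summary line "Calculate and add the Message-Authenticator attribute" should be loosened as well, since the attribute is now optional. The non-NULL path is not visible on this page, so confirm the wording against the implementation.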
|
||||
|
|
|
@ -140,11 +140,7 @@ METHOD(radius_socket_t, request, radius_message_t*,
|
|||
chunk_t data;
|
||||
int i, *fd;
|
||||
u_int16_t port;
|
||||
|
||||
/* set Message Identifier */
|
||||
request->set_identifier(request, this->identifier++);
|
||||
/* sign the request */
|
||||
request->sign(request, this->rng, this->signer, this->hasher, this->secret);
|
||||
rng_t *rng = NULL;
|
||||
|
||||
if (request->get_code(request) == RMC_ACCOUNTING_REQUEST)
|
||||
{
|
||||
|
@ -155,7 +151,14 @@ METHOD(radius_socket_t, request, radius_message_t*,
|
|||
{
|
||||
fd = &this->auth_fd;
|
||||
port = this->auth_port;
|
||||
rng = this->rng;
|
||||
}
|
||||
|
||||
/* set Message Identifier */
|
||||
request->set_identifier(request, this->identifier++);
|
||||
/* sign the request */
|
||||
request->sign(request, NULL, this->secret, this->hasher, this->signer, rng);
|
||||
|
||||
if (!check_connection(this, fd, port))
|
||||
{
|
||||
return NULL;
|
||||
|
|